Message-ID: <570ce61a-00ca-446f-ae89-7ab7c340828f@ghiti.fr>
Date: Tue, 6 May 2025 18:31:41 +0200
From: Alexandre Ghiti <alex@...ti.fr>
To: Nam Cao <namcao@...utronix.de>
Cc: Paul Walmsley <paul.walmsley@...ive.com>,
 Palmer Dabbelt <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>,
 Samuel Holland <samuel.holland@...ive.com>, linux-riscv@...ts.infradead.org,
 linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH] riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL

On 05/05/2025 21:27, Alexandre Ghiti wrote:
> On 05/05/2025 18:07, Nam Cao wrote:
>> Hi Alex,
>>
>> On Mon, May 05, 2025 at 06:02:26PM +0200, Alexandre Ghiti wrote:
>>> On 04/05/2025 12:19, Nam Cao wrote:
>>>> When userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is not
>>>> available, the kernel crashes:
>>>>
>>>> Oops - illegal instruction [#1]
>>>>       [snip]
>>>> epc : set_tagged_addr_ctrl+0x112/0x15a
>>>>    ra : set_tagged_addr_ctrl+0x74/0x15a
>>>> epc : ffffffff80011ace ra : ffffffff80011a30 sp : ffffffc60039be10
>>>>       [snip]
>>>> status: 0000000200000120 badaddr: 0000000010a79073 cause: 0000000000000002
>>>>       set_tagged_addr_ctrl+0x112/0x15a
>>>>       __riscv_sys_prctl+0x352/0x73c
>>>>       do_trap_ecall_u+0x17c/0x20c
>>>>       handle_exception+0x150/0x15c
>>>
>>> It seems like the csr write is triggering this illegal instruction,
>>> can you confirm it is?
>> Yes, it is the "csr_write(CSR_ENVCFG, envcfg);" in envcfg_update_bits().
>>
>>> If so, I can't find in the specification that an implementation
>>> should do that when writing envcfg and I can't reproduce it on qemu.
>>> Where did you see this oops?
>> I can't find it in the spec either. I think it is up to the
>> implementation.
>
>
> The reserved fields of senvcfg are WPRI and contrary to WLRL, it does 
> not explicitly "permit" to raise an illegal instruction so I'd say it 
> is not up to the implementation, I'll ask around.


So I had confirmation that WPRI should not raise an illegal instruction, 
so that's an issue with the platform. Your patch is not wrong, but I'd 
rather have an explicit erratum. What do you think?

Thanks,

Alex


>
> Thanks,
>
> Alex
>
>
>>
>> I got this crash on the MangoPI board:
>> https://mangopi.org/mqpro
>>
>> Best regards,
>> Nam
>>
>> _______________________________________________
>> linux-riscv mailing list
>> linux-riscv@...ts.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-riscv
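As an added example, not code from this thread, from Nam's patch or from the kernel tree: a small userspace probe that issues the prctl() at the top of the trace above. The `badaddr` value in the oops is the faulting instruction word on an illegal-instruction trap, and 0x10a79073 decodes to `csrw senvcfg, a5`, i.e. the write in envcfg_update_bits() that the thread identifies. On the MangoPi with the unfixed kernel this probe is the crash reproducer; with a kernel that refuses the request when Supm is absent (whether via the patch or an erratum), the same call comes back to userspace as -1/EINVAL, and on an architecture without a tagged-address hook at all the kernel also returns EINVAL, so the probe runs anywhere. Two assumptions are mine: the fallback prctl constants are taken from linux/prctl.h for the case of older headers, and the claim that arg 0 (tagged addressing off, no PMLEN request) still reaches envcfg_update_bits() in the RISC-V handler comes from the kernel source, not from the thread. The `enum tac_result` names and the helper functions are hypothetical.

```c
/*
 * Userspace probe for PR_SET_TAGGED_ADDR_CTRL (added example, not kernel code).
 *
 * Outcome classes:
 *   - 0 from prctl()  : the kernel programmed the pointer-masking state
 *   - EINVAL          : no tagged-address control on this arch/platform,
 *                       which is what a platform without Supm should report
 *   - anything else   : sandbox/seccomp/etc.; inspect errno
 * On the unfixed kernel from this thread the call never returns: the
 * senvcfg write traps and the board oopses.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Fallbacks for headers that predate these options (values from linux/prctl.h). */
#ifndef PR_SET_TAGGED_ADDR_CTRL
#define PR_SET_TAGGED_ADDR_CTRL 55
#endif
#ifndef PR_GET_TAGGED_ADDR_CTRL
#define PR_GET_TAGGED_ADDR_CTRL 56
#endif
#ifndef PR_TAGGED_ADDR_ENABLE
#define PR_TAGGED_ADDR_ENABLE (1UL << 0)
#endif

enum tac_result {
	TAC_SUPPORTED,   /* prctl() returned 0 */
	TAC_UNSUPPORTED, /* prctl() failed with EINVAL */
	TAC_ERROR,       /* prctl() failed with some other errno */
	TAC_NOT_LINUX,   /* built on a host without prctl() */
};

/*
 * Issue PR_SET_TAGGED_ADDR_CTRL with the given argument and classify the
 * outcome. arg == 0 (tagged addressing disabled, PMLEN 0) is the minimal
 * request; in the RISC-V handler it still ends in envcfg_update_bits(),
 * the path shown in the oops. *saved_errno receives errno on failure.
 */
enum tac_result probe_tagged_addr_ctrl(unsigned long arg, int *saved_errno)
{
	*saved_errno = 0;
#ifdef __linux__
	if (prctl(PR_SET_TAGGED_ADDR_CTRL, arg, 0UL, 0UL, 0UL) == 0)
		return TAC_SUPPORTED;
	*saved_errno = errno;
	return errno == EINVAL ? TAC_UNSUPPORTED : TAC_ERROR;
#else
	(void)arg;
	return TAC_NOT_LINUX;
#endif
}

/* Read the current control word back; returns 0 and fills *ctrl on success. */
int read_tagged_addr_ctrl(unsigned long *ctrl)
{
#ifdef __linux__
	int ret = prctl(PR_GET_TAGGED_ADDR_CTRL, 0UL, 0UL, 0UL, 0UL);
	if (ret < 0)
		return -errno;
	*ctrl = (unsigned long)ret;
	return 0;
#else
	(void)ctrl;
	return -ENOSYS;
#endif
}

const char *tac_result_str(enum tac_result r)
{
	switch (r) {
	case TAC_SUPPORTED:   return "supported";
	case TAC_UNSUPPORTED: return "unsupported (EINVAL)";
	case TAC_ERROR:       return "error";
	case TAC_NOT_LINUX:   return "not linux";
	}
	return "?";
}

int main(void)
{
	int err;
	unsigned long ctrl = 0;
	enum tac_result r = probe_tagged_addr_ctrl(0, &err);

	printf("PR_SET_TAGGED_ADDR_CTRL(0): %s", tac_result_str(r));
	if (err)
		printf(" (%s)", strerror(err));
	putchar('\n');

	/* Only a kernel that accepted the request has a meaningful read-back. */
	if (r == TAC_SUPPORTED && read_tagged_addr_ctrl(&ctrl) == 0)
		printf("PR_GET_TAGGED_ADDR_CTRL: 0x%lx (tagged addressing %s)\n",
		       ctrl, (ctrl & PR_TAGGED_ADDR_ENABLE) ? "on" : "off");

	return r == TAC_ERROR;
}
```

Run it on the board before and after the kernel change: the unfixed kernel oopses in set_tagged_addr_ctrl() as in the trace, the fixed one prints "unsupported (EINVAL)". On a platform that does implement Supm it prints "supported" and reads the control word back.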